On Tue, Mar 24, 2009 at 5:18 PM, Sam Cayze <[email protected]> wrote: > Does the device that I am trying to capture the mac from need to have a > valid IP on the same network?
ARP is the mechanism the IP layer uses to learn the MAC address which corresponds to an IP address. If you want to use ARP for MAC address discovery, you need to know the particular IP address assigned to that device. ARP works as follows. Say we have two computers on an Ethernet: Alpha on 192.0.2.42, and Bravo on 192.0.2.31. Alpha has an IP datagram to send to Bravo, but it only has Bravo's IP address. Ethernet doesn't know anything about IP addresses; you need to give it a destination MAC address. So Alpha sends a broadcast frame on the Ethernet, asking "Who has 192.0.2.42?". Bravo sees the broadcast, and sends a broadcast frame of its own, saying "192.0.2.42 is at <MAC address>." Alpha sees that broadcast, and now knows what MAC address to send Bravo's datagram to. Alpha puts this in its ARP table, so can skip the ARP lookup for future datagrams to Bravo. When you say "arp -a" to Windows, you're asking Windows to tell you the ARP addresses it has learned through the above process. (Plus any static ARP entries, but that's not relevant to this.) > I think the devices are set to DHCP ... As someone else suggested, if DHCP is indeed enabled, your best bet is to just connect each device one at a time, and get the MAC address from the DHCP lease or logs. Keep in mind that many devices have multiple MAC addresses, and DHCP will only report whatever MAC address the device used to request its lease. If you need all of them, it's harder still. (I'm assuming you want to know which MAC address goes with which device. If you just need to generate a list of MAC addresses which corresponds to a pile of equipment, then you can power them all up at once, plug them all into a switch, and just look at the DHCP logs when you're done.) > Ideally, I would like to stick a cord in the device, have the mac populated > via script, rinse and repeat for each machine... Other ideas: If the devices support SNMP and get IP addresses via DHCP, it should be possible to use SNMP to get a list of all the MAC addresses associated with a device. Assuming the devices implement the right MIB. I'm don't know much about SNMP. Some devices implement a layer 2 discovery protocol. Cisco has CDP, for example. More recently, there's a standard for LLDP (Link Layer Discovery Protocol). These sorts of things can generally tell you the MAC address of the connected port. Hire some local fifth graders to transcribe all the MAC address stickers from each box for gumdrops or baseball cards or whatever kids like these days. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
